Home Setup - Design changes

Well I'll be closing on a home in July and with that I want to consider redoing my home setup. I will break the home setup into categories and also current setup and future setup. I would like input on future setup, thus the discussion part of this thread.

3 x Dell PowerConnect 5524 24-Port Ethernet Gigabit Switches. I use the 10 GB SFP+ ports to run the 10 GB between servers and use HDMI cable to connect the switches.

2 X TP-Link AC1750 Wireless Wi-Fi Access Point for Wifi.

Servers are using RT8N1 DELL MELLANOX CONNECTX-2 PCIe 10GbE NICs

IP Range:

192.x for home and 172.x for development

Future:
Network interface:

I want to run cat 6? cable in the house and have 2-4 drops in each room. That will ensure I can upgrade from 1 GB to 10 GB easily in the future. The house may already have some drops in place, but I don't know the spec of the wire.

Hardware:

I would like to get something a little more energy efficient than the Dells, maybe with more ports and with 10 GB SFP+ so I can connect the servers as well.

IP Range:

I don't mind keeping the 192.x setup for home. It will provide me enough IP ranges. What I want to work on is what gives out the DHCP IP address and the communication between the home 192 and dev lab 172 IP address. Any recommendations?

Dell R720 and Intel 4U servers are for my home network. They are running ESXi 6.5 and run all my home VMs. The Dell also has a storage VM running.

Intel 2u and Supermicro 4 node were for mining, but will probably be re-purposed.

Future:
VM Hosts:

I plan to stay with ESXi and vCenter for the home server usage.

I might try another VM host for dev lab, to play with.

Servers:

For now I plan to keep the servers, but I might want to either get smaller servers that are more efficient or upgrade to a newer gen and consolidate. I got plenty of power and RAM to run modern VMs and workloads, but the energy usage might make me want to change it up. Plus I like to get new toys.

Setup:

I'm deciding where to set up the servers. Currently the plan is to use a bedroom so they are in an AC-controlled area. I would eventually like to build out a data room in the garage and use a mini-split AC for that area to free up the bedroom, but it's not high on the priority list.

I will get a used rack since I have the room now to store all the servers in.

3. Storage
=========================================================================
Current:
Overview:
I use an AIO setup with my VM servers to handle storage. I use FreeNAS to handle raw storage and pass that out to other servers using iSCSI or NFS. I have 4 pools set up. Two of the pools (Data and backup) are used by a Windows 2012 R2 Essentials VM which shares out storage and performs backup of my Windows servers using the connector software. The other pool is the backup site for ESXi VMs and the last is an SSD pool for playing with VMs.

I have two z1 pools of 3 8TB drives each. One pool is used for data storage, the other for backups.

Two z1 pools are iSCSI out to the ESXi host and attached to the Windows 2012 R2 Essentials VM. One is for Data 8 TB and the other is for backups, also 8TB.

I currently use an Intel 900P 280 GB AIC in the Dell R720, hosted in ESXi as a datastore. I pass 4 30 GB drives from the Intel 900P into the FreeNAS VM to use as slog drives.

Future:
Overview:
I don't know if I want to stay with FreeNAS or move over to a QNAP box. I like the idea of QNAP, but also like the freedom of FreeNAS. I don't know how the two would compare in terms of speed of storage pools. With FreeNAS, I can add more memory, and with the Intel 900P acting as slog, it's very fast. I also have a 10 GB internal ESXi network and also 10 GB out of ESXi to the switches etc. set up.

If I stay with FreeNAS, I think I want to change the pools over to a z2 setup and possibly upgrade to two separate Intel 900P drives?

I am also currently using Windows 2012 R2 Essentials for handling files on the network. Most of my computers are Windows OS based. I run a few Linux VMs but access storage using a FreeNAS build for the dev lab, separate from the home FreeNAS build. I also use the Windows Server built-in backup for automating backup of all my computers.

I've been thinking of updating to Windows 2016 R2 Essentials, but that has a licensing cost. What do others use for network storage and Windows OS backup? I like things that are simple set and forget.

4. Security
=========================================================================
Current:
Overview: I currently run Sophos UTM 9.x as a VM to handle my internet security. I've been running it for years and have it configured with application blocks, country blocks, scans, filters, etc.

For Antivirus: I use Avast Business Pro Plus. I've also been using various Avast antivirus products for years. I have it installed on all my physical computers, a few VMs and my Windows 2012 R2 Essentials server.

Future:
Overview: I would like to move to the new UTM from Sophos for home usage. There are no more IP limits with the new version. The PITA is there is no migration option from the old UTM to the new, so everything needs to be redone.

I would also like to learn how to properly set up VLANs to keep the various traffic in my network separate. Any guides or help with that would be useful.

Also not sure how well the UTM will do with a Fiber Giga internet connection. I'm assuming if I up the resources, i.e. add more RAM/CPU cores, it will be fine.

Finally, for Wi-Fi: any suggestions on best practices to avoid them getting hacked into?

I got nothing for IP Cameras. I definitely want to run several around the house that are POE capable and 1080 resolution with night vision. I don't want to use cameras that have a cloud service. I want the cameras to store locally using either free camera software or a QNAP addon, if I go with that as the storage option.

Any suggestions would be great both for software, hardware and general tips, issues.

6.13.18 - I'm thinking of using ZoneMinder for IP Camera software. Anyone using it now?

IP Phones: I'm currently running Wazo PBX as a VM with Google Voice and the Zoiper app on my cell phone for a business line. I need to upgrade my base Wazo install to the new version. I also want to get an IP-based physical phone at some point and only use the app when I'm away.

I wired my home for networking shortly after purchasing it as well, so for the network piece I would recommend a POE switch, especially if you plan to do IP cameras. It may increase your initial investment but in the end it will be the mass of POE converters you have either at your patch or between the wall ports and the device. I personally went with Ubiquiti for my network infrastructure; I did a 48 port 500W POE and one of their XG 10G switches.

How much power do the switches use?
I will probably get a 24 port POE switch. I don't see ever needing more than 24. I'm thinking 12 for cameras, probably really only run 8. Then 2-4 for Wi-Fi access points. One for IP phone.

I got to figure out a good location for the patch panel. I don't know if I should plan it in a bedroom closet or some other closet. Might be best to have the patch panel in the roof space, then have two runs, one into the bedroom, the other into the garage, then I can switch whenever needed.

Power usage is based on POE usage, but the minimum with no POE devices is 64W for the 48 port and 56 for the 10G switch. I personally went with 4 ports per bedroom (3 in my case) and 4 for the living room area. I figured computer, cable box/smart TV, and a console or 2 per area was going to work out well. That gave 16 before I included my one AP; adding in all the other lines for IPMI and basic uplink drove me to the 48 port version. The other driving force was that the 48 port version has 2 x 10G SFP+ for links to the 10G server switch.

The location I went with was in my garage, as it provided a nice insulated wall between it and the rest of the house to help drown out the noise. The proximity to the breaker and all those things makes it easy if you need to add a circuit for 30 amp or 240V service. A concrete floor helps if you go to a standing rack; exposed studs help for wall mounting.

Well I finally got my servers set up in the new home and found out that Sophos UTM seems to have trouble with the Giga fiber speeds.

Seems to be due to IPS (Intrusion Prevention). I set snoop(sp?) to use 4 cores since I have 4 cores assigned to the VM. That helped a little bit. I also moved the VM to a server with a high freq CPU and that helped as well.

Right now with 4 cores, 4 GB RAM and on the faster CPU (2.7 GHz) I am getting the below with IPS on.

Sophos IPS uses Snort, which is single threaded. So, adding more cores to the guest won't help as much as plain old raw GHz, which is what you're seeing. I can't say for sure exactly what is needed but I do know that the typical recommendation, on the Sophos forums at least, is 3 GHz minimum. I only have a measly 50/5 cable modem service but I can tell you that Sophos performed noticeably better for me on an X5670 (2.9 GHz) than on an E5-2650 (2 GHz), which correlates with what you're seeing and what I've read. You're going to need "moar GHz" or turn off features to maximize that 1G internet if using UTM.

I don't know if XG performs better in that regard or not, but pfSense certainly seems to. I still prefer UTM myself.

I had found the same info as you. I might spin up an E3 box I have whose CPU is 3.4 GHz and see if Sophos runs better on that. I also have an XG VM I started to set up, which I might be able to test to see if it's better.

Just an update to this. I still am running UTM but upgraded the CPU in my servers to dual E5-2680 v2, which had a higher freq than the older CPU. So far I'm getting 450ish down and 1G up according to Fast.com. Still testing out the newer version of UTM but haven't had time to set it up. (I have a lot of rules in the current deployment and there is no upgrade path.)

Finally got around to getting an open rack and set it up last night. Here are some pics.

I still have to do some clean up and may move things around after a while. Right now, moving the servers from the old rack (sound deadening), the whole room dropped 6 degs in temp. Prior it was running 92 F, now it's at 86 F.

I know how that goes. I was once dating a girl long distance and she would call me very, very angry because I had blown a whole Saturday tinkering on some project and not once did I think to text or call her. When in the zone I didn't think of sleep or food, just going full MacGyver on things. Kudos on the new place btw
